iPhone Insecurity
May 18, 2010
UPDATE (Jun 21): Apple announced the new iPhone 4 and iPhone OS 4 (renamed iOS 4) on Jun 7. iOS 4 was released today. The presentation will be updated to reference Apple’s new iPhone hardware and software.
This presentation on “iPhone Insecurity” was given for a SANS Information Security Webcast on May 18:
The Apple iPhone is rapidly becoming the most popular smartphone in the world. Despite concerns over the security features—or rather, lack of security features—the iPhone has been sold in large quantities to Fortune 100 corporations and government agencies. This webcast discusses the information risks associated with using the iPhone, security features that are available, and why everyone is excited to see the new security features to be released this summer with the next version of iPhone OS.
A recording of the webcast (slides + audio) can be found in the SANS Webcast Archives: https://www.sans.org/webcasts/iphone-insecurity-93463. The slides are available below.
—Jim Herbeck
Webcast handout: PDF file (English)
Research Resources
Here are some web links I found valuable while researching the topic:
Apple Computer, “iPhone Configuration Utility” download page.
Apple Computer, “New enterprise features in iPhone OS 4” page; “Enterprise features” is Apple’s code phrase for “security features.”
iPhone Insecurity website, Jonathan Zdziarski’s iPhone Forensic research site. (I had already picked and published the name for the talk before I discovered that a website existed with the same name.)
Bernd Marienfeldt, “iPhone business security framework” blog, Mar 22, 2010; includes May 17, 2010 update for iPhone/Linux data protection vulnerability.
Nicolas Seriot, “iPhone Privacy” presentation, Black Hat DC, Feb 3, 2010.
Jonathan Zdziarski, “iPhone Forensic Method FAQ” blog, Sep 17, 2009.
Jonathan Zdziarski, “Bypassing iPhone 3G[S] Encryption” blog, Jul 24, 2009; includes links for YouTube demos of bypassing the iPhone passcode and removing data from an iPhone.